February 2006

« January 2006 | Main Index | Archives | March 2006 »


Can you digg it?

  • 12:28 PM

After a brief moment of excitement, my webserver traffic returns to normal and I fade back into comfortable obscurity.

My Washington Post article: 1480 diggs

Almost 40,000 unique visits in one day. Normally it's around 1,500

The Washington Post publishes an extended interview with a botnet-running hacker, known only as 0x80:

The young hacker... has agreed to be interviewed only if he isn't identified by name or home town...

The article still has a lot of magazine-style colour:

Tall and lanky, with hair that falls down to his eyebrows, 0x80 almost never looks you in the eye when he talks, his accent a slurry of heavy Southern drawl and Midwestern nasality. He lives with his folks in a small town in Middle America. The nearest businesses are a used-car lot, a gas station / convenience store and a strip club, where 0x80 says he recently dropped $800 for an hour alone in a VIP room with several dancers.

There's also an artfully disguised photo, presumably of 0x80:

With all this detail (and more) about 0x80's circumstances and history, it's a good thing the Post is keeping his identity secret. In a small town of a few thousand people, it would otherwise be pretty easy to track the hacker down from his description.

The article is then linked from Slashdot, where an astute commenter downloads the image and checks out the EXIF IPTC data:

Location: Roland OK

Roland OK is indeed a piece of small-town Middle America, population 3,000. Another commenter quickly finds the most likely used car lot, gas station and strip club.

I think there's a lesson in there somewhere.

Update: In a comment to a Post blog entry, someone claiming to be 0x80 says:

funny is that that is way off from where i reside apprently from what i gathered from brian kreps was it was old metadata so im still safe. haha i guess luck is on my side :)

So who knows, maybe 0x80 dodged a bullet after all?

Update 2: On the other hand, in the comments to this blog entry, the journalist responsible to the article responds to the issue only with "I am aware of it, yes. Thank you." You'd think that if he were in a position to say the metadata was wrong, he would have done so just to nip the whole thing in the bud.

Update 3: Another "no comment" in the live chat talkback for the original article (bugmenot required).

As you know we take our obligations with sources very seriously and I don't want to comment about any speculation about sources.

A Slice of Life

  • 11:40 AM

An in-office discussion of Java's Unicode support.

Jeremy: How many characters does Unicode support anyway?

Charles: It's effectively unlimited. Although because Java only supports two-byte characters, you can only use the first 65,000 or so natively.

(A short discussion of the difference between UCS-2 and UTF-16 encodings ensued)

Matt: So if you wanted to translate Confluence into Klingon, you'd be out of luck.

Charles: Yes, but Klingon isn't officially a part of Unicode, so you'd have to come up with your own encoding anyway.

Charles: ISO-8859-GARKH!

Everyone: ...

Charles: I don't think I've ever felt more like a nerd than I did in that moment.

So I sit down to watch a DVD. A DVD that I purchased legally from a completely legal DVD store in the middle of town. Regardless of this fact, I'm still forced to sit through the "anti-piracy" promo at the beginning of the disc.

And by forced, I mean I'm quite literally not permitted to skip it if I want to watch the movie. Thanks to the User Operation Prohibition requirements of the DVD Digital Rights Management system, the DVD consortium prohibits my DVD player from skipping this patronising advertisement no matter how many times I've seen it before.

At this point in my train of thought, the following appears on the screen:

You Wouldn't Steal a Movie

And I'm thinking: "Yes, I would. I'd steal it in a second if the stolen version allowed me to fast-forward past the fucking adverts."

Recruiters. Grr.

  • 10:21 AM

I'm pretty happy working at Atlassian. It's a great work environment (modulo a few air-conditioning problems), and the work is both challenging, and something I'm personally interested in. As such, there's probably fewer than a handful of companies that, if they made me an offer commensurate with my abilities, would stand a chance of luring me away.

On Saturday morning, I woke up to an email from one such company, saying they'd found my details online, that they were recruiting software engineers for "a special project", and would I be interested?

I'm not naive. I gave good odds that I was on the receiving end of a fishing expedition similar to when Eric Raymond got a job offer from Microsoft. I emailed back to say that yes, it was something I would potentially be interested in, and that I might be quite good at, but due to my lack of certain required skills (C++ was listed. Bleah) and general being-in-another-countryness, I probably wouldn't make the cut.

Come Tuesday, I woke up to another email asking me to send in my resumé anyway. The main problem here is that I don't have a resumé. The last time I needed one was two years ago, I wrote it using lyx for a laugh, and lost the LaTeX source file. So I spend an hour or so writing a new CV from scratch, mail it off... and within fifteen minutes receive a stock "Sorry, we have nothing suitable for you right now" response.

Grr. That fast a response means a first-pass rejection -- I didn't make the technical requirements for the position. Which is exactly what I said in my email before I had to rewrite my CV. I'm sure there's something in the HR manual that says to be sure you get a resumé on file for future reference, but this whole thing leaves me with a "my time is more valuable than your time" taste.